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DETAILED ACTION 

1 . This action is in response to applicant's amendment filed on 7/1 1/05. Claims 1 - 
1 1 and 13-22 are now pending in the present application. This action is made final. 

Claim Rejections - 35 USC § 103 

The text of those sections of Title 35, U.S. Code not included in this action can 
be found in a prior Office action. 

This application currently names joint inventors. In considering patentability of 
the claims under 35 U.S.C. 103(a), the examiner presumes that the subject matter of 
the various claims was commonly owned at the time any inventions covered therein 
were made absent any evidence to the contrary. Applicant is advised of the obligation 
under 37 CFR 1 .56 to point out the inventor and invention dates of each claim that was 
not commonly owned at the time a later invention was made in order for the examiner to 
consider the applicability of 35 U.S.C. 103(c) and potential 35 U.S.C. 102(e), (f) or (g) 
prior art under 35 U.S.C. 103(a). 

2. Claims 1-4,9-11, and 1 3 - 1 8 are rejected under 35 U.S.C. 1 03(a) as being 
unpatentable over US 6,031 ,904 (An et al.) in view of US 6,21 9,790 (Lloyd et al.) and 
further in view of U^,6,1 73,438 (Kodosky et al.) 

As to claims 1 and 13, An et al. teaches a means and method for modifying a 
subscriber's feature profile, wherein when a subscriber desires access to/modify his/her 
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profile, they are first validated via, for example, their directory number and PIN. Upon 
positive verification, the subscriber is presented with all the features/services they 
currently subscribe to. Note that the feature profiles are stored locally either on server 
50, machine 52, as well as in profile repository 18. An et al. teaches that a subscriber 
may modify their profile and the locally stored profile reflects such a change, read is the 
first service information, and later, this information is sent to the profile repository 18 to 
commit the change, and the new profile is stored as the subscriber's current profile, 
read as the claimed second service information. It is inherent that some means for 
executing the modification is used, even if such means is included in the "committing" of 
the change in profile repository 18. The modification would have no purpose unless it 
was actually executed. (Fig. 2, Col. 4, line 17 - Col. 5, line 34, Col. 5, line 49 - Col. 9, 
line 30) 

Moreover, besides teaching accessing a subscriber's feature profile to modify 
his/her preferences, An et al. also teaches accessing his/her actual service/features. 
(Col. 1, lines 41 -48) 

What An et al. does not teach is the use of a privilege token, but tokens are very 
old and well known in the art as merely one means of effecting validation. A token can 
be any piece/bit of information/data used to compare data such as the aforementioned 
directory number and PIN with. Even in networking, as a term of art, a token is merely a 
set of bits that if the network recognizes, allows the data tagged with that token access 
to transmit/travel over the network. Kodosky et al. teaches a system and method of 
using such privilege tokens. (Fig. 16 and Col. 20, lines 10 - 39 of Kodosky et al.) 
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It would have been obvious for one of ordinary skill in the art to use a privilege 
token method of validation inasmuch as again, it is merely one of a plurality of well 
known methods of validation. Moreover, it would not affect the operation or teach away 
from the service provisioning aspect of An et al. inasmuch as the validation process is a 
separate one from the provisioning process. 

An et al. also does not teach determining whether a subscriber is currently 
logged in and if not requiring the subscriber to log in and the use of separate 
authentication and authorization servers. However, such is merely a user-convenience 
feature and would have been obvious for one of ordinary skill in the art to implement at 
the time the invention was made. Such a feature merely depends on how a subscriber 
uses/accesses his/her service(s). For example, on ANY webpage requiring 
authorization to access, if a person tries to view that webpage and is not authorized or 
registered or logged on, a pop-up window appears or another login webpage appears. 
After that, any subsequent webpage residing on that server or in the hierarchy of that 
page or hyperlinking makeup, is accessible without further logging in. Given the use of 
the Internet and webpages for accessing a subscriber's profile in the system and 
method of An et al., such a feature would again, have been obvious. 

Also, many times, authentication and authorization are done using the same 
server. Interpreted in one way, this means than authentication and authorization can be 
considered to be one in the same for general purposes. Interpreted another way, 
authentication can be considered the act of verifying that someone is who they say or 
indicate they are, while authorization can be considered the act of giving that someone 
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a privilege(s) upon verifying or authenticating their identity. Regardless, even in this 
sense, it is clear that authentication and authorization are intertwined if inseparably so. 
This is because there would be no purpose to authentication unless that information will 
be used for authorizing some privilege(s). 

Lloyd et al. teaches an authentication, authorization, and accounting server 118. 
(Abstract, Fig. 2, Col. 1, line 10 - Col. 4, line 29 of Lloyd et al.) Although the server 118 
is a single server, Fig. 1 shows that even at least on an object-level, authentication and 
authorization are separate elements or acts and therefore, it still would have been 
obvious for one of ordinary skill in the art at the time the invention was made to have 
used two separate servers. Motivations for doing so are because they can be 
considered to be two separate actions that deserve their own separate servers. 
However, because as operations, they are so intertwined, for the sake of saving 
resources or streamlining operations, they can be implemented in a single server as 
shown. Either is ample motivation for using either method - separate or together. 

Also, note that an authorization service is inherently taught by at least Lloyd et al. 
because this system authorizes access. Whether this is separate or a part of a system, 
it still means it is a service. 

Finally, interpreted in one manner, the term "services" as used in the claim can 
be read as a telephony feature, in which case, An et al. teaches accessing a plurality of 
features associated with any one service line the subscriber is subscribed to. (Col. 3, 
lines 1-19) 
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Also, the limitation "one or more" means that the existence of only one 
telecommunications service is needed to reject the claim, which as discussed, An et al. 
teaches. 

Interpreted in another manner, the term "service" could be read as the actual 
service line (conventional, wireless, etc.) associated with the above-discussed directory 
number. In this instance, An et al. does not teach using a single PIN to access multiple 
services. However, again, such is extremely old and well known and would have been 
obvious for one of ordinary skill in the art to implement in An et al. at the time the 
invention was made. For example, one need only insert his/her card into an ATM 
machine and after entering a PIN, that person is given access and use to his/her 
checking account, savings account, etc. This same feature is and was available even 
when ATMs were not used and people used telephones to access their account 
information. The same method was used except over a telephone. 

Moreover, as discussed above, such a feature merely applies to user 
convenience and because An et al. already teaches that a subscriber may access all 
his/her accounts or services via one interface, albeit logging in each time using the 
appropriate DN, such a feature would merely require a further aggregation of accounts 
or services. This then is merely a question of level. At a lower level, the system of An 
et al. requests entry of a DN and a PIN. At another obvious, higher level, the system 
could ask for a userid and PIN, wherein because a userid is used, access to all that 
user's accounts or services is possible. Again, this is old and well known in the 
telephony as well as computer arts and the motivation for this is a user only has to be 
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authorized only one time. This is convenient for both the user and the authenticating 
system because the systems resources are not as busy as it would be otherwise if it 
constantly had to authenticate users. 

Finally, presenting feature profiles or lists to subscribers is notoriously old and 
well known in the art. For presentation clarity or to save on resources or space for 
example, a feature profile may be presented wherein only those features that a 
subscriber has subscribed to are displayed, presented, etc. Other times, all available 
features may be presented as a way to entice subscribers to subscribe to more features 
or simply the provider deems it easier to display all features. However, such a limitation 
is merely a user-friendly design choice that would have been obvious to one of ordinary 
skill in the art at the time the invention was made. 

As to claim 2, An et al. does not teach mapping a user name to a distinguished 
name. Instead An et al. as discussed above, uses a user's directory number and PIN to 
identify that user. However, mapping names or other identifiers is also old and well 
known in the art and would merely be a design choice or preference for one of ordinary 
skill in the art at the time the invention was made. Such a feature again, would not 
affect the provisioning aspect of the invention. Note that An et al. does teach using a 
DN name mapper 134 (Fig, 13) for properly associating a subscriber with the correct 
service manager and specific address. (Col. 7, lines 33 - 48) 

Also, a subscriber in An et al. may have more than one line, i.e., a landline, a 
wireless subscription, pager service, local and/or long distance service, etc., read as the 
claimed roles. 
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As to claims 3 and 4, such limitations merely address the programming level 
aspect of the invention, i.e., object-oriented languages that would implement the profile 
and validation aspects of the present invention. While An et al. describes the validation 
on a much higher level, such would also be obvious if not inherent in An et al. inasmuch 
as most of the programming languages or protocols used in tele/data communications 
in recent years have been object-oriented and are necessary to effect the operation in 

computer-based systems. 

1 

As to claim 9, see the above rejection of claim 1 and note that An et al. also 
teaches that besides merely displaying a subscriber's current feature profile to them, the 
subscriber is actually logged in" as they are able to amend each feature on their current 
profile. (Figs. 5 - 1 2 and Col. 5, lines 35 - 48) 

As to claim 10, see the rejection of claims 2-4 above, and note that the same is 
applicable as well to the actual service features inasmuch as An et al. teaches that each 
feature that a subscriber may subscribe to, may have parameters. An et al. also 
teaches that a subscriber may read about his services, or others that are available to 
him/her, as well as being able to get descriptions regarding the cost of services, or 
example. (Figs. 5 - 12 and Col. 6, line 39 - Col. 9, line 20) 

As to claim 1 1 , An et al. teaches the use of a subscriber service provisioning 
manager (SSPM) server 122, which includes an authentication server 136, the 
abovementioned DN name mapper, and a service manager adaptor 138. Such a server 
is read as the claimed selection gateway. 

As to claim 14, see the rejection of claims 1 and 2. 
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As to claim 1 5, see Col. 5, lines 6-48 and Figs. 5-6, wherein An et al. teaches 
that personalized web pages are displayed to a subscriber with only those features that 
they are presently subscribed to as well as those that they may subscribe to. 

As to claims 16-18, see the rejection of claim 1 . 

3. Claims 5 - 8 and 1 9 - 22 are rejected under 35 U.S.C. 1 03(a) as being 
unpatentable over US 6,031 ,904 (An et al.) in view of US 6,219,790 (Lloyd et al.), US 
6,173,438 (Kodosky et al.), and further in view of US 6,622,016 (Sladek et al.) 

As to claims 5 and 19-22, An et al. , Lloyd et al., and Kodosky et al. have been 
discussed above. What they, do not teach are group subscriptions. 

However, provisioning group preferences and profiles is old and well known as is 
group subscriptions, or subscribers who share the same preferences. Common 
examples of this are business groups within a corporation or family groups, etc. Such is 
taught by Sladek et al. wherein a system for controlled provisioning of 
telecommunications services is also applicable to a group of subscribers. (Abstract, 
Col. 2, lines 36-46, Col. 3, lines 8 - 21, Col. 17, lines 16-28 of Sladek et al.) 

It would have been obvious for one of ordinary skill in the art at the time the 
invention was made to have allowed for groups inasmuch as they are old and well 
known and would only affect the relational aspect of subscribers. Instead of providing 
service to one subscriber, it would be to a group of subscribers, linked in some manner 
in the profile repository 18 of An et al. 
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Moreover, it is inherent that some administrator or head affect changes for the 
group and of course, as discussed above, would have to be validated as well. Even if 
all the members of a group could make changes to the group subscription, each of the 
members then could be considered administrators, because to be an administrator, one 
need only have the ability to administrate, in this example, over service features. 

As to claim 6, see the rejection of claim 2 and note that such would be inherent 
or at the least, obvious to one of ordinary skill in the art at the time the invention was 
made. A group would merely be considered to be another subscriber, except, as 
discussed above, there would be some manner of linking the group members so that 
the feature profile for the group would affect all the members. 

As to claims 7 and 8, see the rejection of claims 3 and 4. 

Response to Arguments 

4. Applicant's arguments filed 7/1 1/05 have been fully considered but they are not 
persuasive. 

As to applicant's arguments regarding the alleged hindsight reasoning, it must be 
recognized that any judgment on obviousness is in a sense necessarily a reconstruction 
based upon hindsight reasoning. But so long as it takes into account only knowledge 
which was within the level of ordinary skill at the time the claimed invention was made, 
and does not include knowledge gleaned only from the applicant's disclosure, such a 
reconstruction is proper. See In re McLaughlin, 443 F.2d 1392, 170 USPQ 209 
(CCPA1971). 
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Moreover, authentication is notoriously old and well known in the telephony arts, 
whether for accessing one's personal profile/ telephony settings / etc. or whether for 
accessing information via a telephone such as checking a credit card account or for 
accessing contact information as in protected directory assistance. Because An et al. 
already implements at least some type of authorization and/or authentication for 
accessing a subscriber feature profile, the need is already present. Examiner argues 
that using authentication tokens are very old and well known in the art. As further 
evidence, see the cited prior art below that teaches various types of telephony and 
computer systems that employ authentication / authorization of user access to a system 
or to certain information using tokens. 

Examiner's argument is not vague, but rather merely a simple one. Because 
such a feature or limitation is so old and well known to those of ordinary skill in the art, 
implementing authentication tokens, as discussed in the rejection, is merely one of a 
plurality of known techniques for authentication / authorization and could be easily 
integrated into a system already showing the need for authentication. 

As to applicant's further arguments regarding authentication, again, the 
motivation is clearly present in An et al. simply because An et al. already teaches 
authentication means. It is merely a different way or technique of accomplishing 
authentication. Applicant seems to be making the argument that in order for a 
combination to be made between An et al. and a prior art reference applicant would 
accept is a prior art reference that teaches using authentication tokens to validate a 
user's right to modify services. Unfortunately, this argument confuses a 35 USC 102 
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and a 35 USC 103 argument. If such a prior art reference were to be applied, no 
combination would be necessary. As it happens, examiner has chosen to validly make 
a 103 rejection. Again, authentication tokens are old and well known in the art as a 
technique for authorization and/or authentication. Therefore, using tokens instead of 
another authentication / authorization technique essentially becomes* a design choice or 
preference. 

As to applicant's arguments regarding redesign, none of applicant's arguments 
are relevant to, implicit in, or explicitly stated in the claims. Even if applicant's 
arguments were valid, examiner's interpretation of the claim language is valid and does 
not require the inclusion of all the limitations argued by applicant. For example, none of 

the claims recite "differentiated service" nor do any of the claims recite storing unused 

.p. 
t 

information in a privilege token. 

As to applicant's argument regarding non-analogous art, as explained in the 
rejection and as discussed above, the technique of using authentication tokens can be 
implemented in any system needing authentication. The fact that Kodosky happened to 
be using authentication tokens in a different environment in this instance is irrelevant. 
An et al. teaches a telephony system, but of course that system, as are most telephony 
systems now, is comprised of computer / data processing elements just as in Kodosky. 

As to applicant's arguments regarding the storing of privilege information in a 
token is inherent when tokens are used to represent or grant differing levels of access. 
Unless tokens are somehow distinguished from one another, those differing levels 
cannot be realized. And again, all the token is claimed as doing in the present invention 
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is being associated with a user and ensuring that the particular user has sufficient rights 
to modify data. Kodosky teaches the exact same thing, regardless of whether a token 
can be passed on. The claims do not distinguish between a first and second user. 
Even Fig. 16 and Col. 20, lines 10 - 39 of Kodosky indicate differences in privileges 
between a token owner and a token non-owner. 

As to applicant's arguments regarding the storage of data associated with a 
subscriber, how else does a subscriber's feature profile get created, modified, stored for 
an associated subscriber unless this happens. In ANY system that contains a 
subscriber profile, some data repository or directory or memory has such information. A 
person who subscribes to voice mail but not to callerlD service in a normal PSTN / 
POTS system has such information stored in a repository. And of course, this type of 
data is indicative of privilege and service. Even An et al. alone, that teaches allowing a 
subscriber access to his/her profile means inherently that they must be identified as a 
person capable of accessing his/her data, i.e., their directory number or a PIN, reading 
on privilege information. Also, because An. Et al. teaches that the subscriber profile is 
used to associate / store service information for a subscriber, of course, there is service 
information. Finally, a directory repository is not a term of art and can be read merely to 
be any storage means. 



Application/Control Number: 09/800,646 
Art Unit: 2642 



Page 14 



Conclusion 

5. The prior art made of record and not relied upon is considered pertinent to 
applicant's disclosure. US 6064990 (Goldsmith) teaches it is old and well known to use 
authentication tokens for preventing unauthorized access. US 6,324,271 (Sawyer et al.) 
teaches a system and method of call identification authentication. US 2002/01 16396 
(Somers et al.) teaches using access authorization token data having different levels of 
access stored on the token. 

6. THIS ACTION IS MADE FINAL. Applicant is reminded of the extension of time 
policy as set forth in 37 CFR 1.136(a). 

A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within 
TWO MONTHS of the mailing date of this final action and the advisory action is not 
mailed until after the end of the THREE-MONTH shortened statutory period, then the 
shortened statutory period will expire on the date the advisory action is mailed, and any 
extension fee pursuant to 37 CFR 1 .136(a) will be calculated from the mailing date of 
the advisory action. In no event, however, will the statutory period for reply expire later 
than SIX MONTHS from the mailing date of this final action. 

7. Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Hector A. Agdeppa whose telephone number is 571- 
272-7480. The examiner can normally be reached on Mon thru Fri 9:30am - 6:00pm. 
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If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Ahmad* F. Matar can be reached on 571-272-7488. The fax phone number 
for the organization where this application or proceeding is assigned is 571-273-8300. 

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). 



Hector A. Agdeppa 

Examiner 

Art Unit 2642 



H.A.A. 

September 30, 2005 




